QUESTION 16Which three statements about the keying methods used by MAC Sec are true (Choose Three)

A. MKA is implemented as an EAPoL packet exchangeB. SAP is enabled by default for Cisco TrustSec in manual configuration mode.C. SAP is supported on SPAN destination portsD. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKAE. SAP is not supported on switch SVIs .F. A valid mode for SAP is NULL

A. It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attributeB. It uses AD attribute maps to assign users to group policies configured under the WebVPN contextC. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policiesD. It can assign a group policy to a user based on access credentialsE. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASAF. It is a closed standard that manages directory-information services over distributed networks

Answer: AB

QUESTION 18Drag and Drop QuestionDrag each IPS signature engine on the left to its description on the right.Answer:

QUESTION 19With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails Registration will continue to fail until you do which of these?

A. Modify the NHRP network IDs to match on the hub and spoke.B. configure the ip nhrp caches non-authoritative command on the hub’s tunnel interface.C. modify the tunnel keys to match on the hub and spoke.D. modify the NHRP hold time to match on the hub and spoke.

A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.E. A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: ACD

QUESTION 21Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two)

A. It provides backward compability with legacy IPv6 inspectionB. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.F. It provide backward compatibility with legacy IPv4 inseption.